diff options
author | Stanislav Laznicka <slaznick@redhat.com> | 2017-01-02 17:00:00 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2017-03-01 09:43:41 +0000 |
commit | 2a1494c9aef2e2b5c06e427e689787e5a2c4dc7f (patch) | |
tree | 965aba505982685332984c7edb71ea50463355f2 /ipaserver/install/server/upgrade.py | |
parent | dfd560a190cb2ab13f34ed9e21c5fb5c6e793f18 (diff) | |
download | freeipa-2a1494c9aef2e2b5c06e427e689787e5a2c4dc7f.tar.gz freeipa-2a1494c9aef2e2b5c06e427e689787e5a2c4dc7f.tar.xz freeipa-2a1494c9aef2e2b5c06e427e689787e5a2c4dc7f.zip |
Move RA agent certificate file export to a different location
HTTPS connection to certificate server requires client authentication
so we need a file with client certificate and private key prior to
its first occurence which happens during migration of certificate
profiles to LDAP.
https://fedorahosted.org/freeipa/ticket/5695
https://fedorahosted.org/freeipa/ticket/6392
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/install/server/upgrade.py')
-rw-r--r-- | ipaserver/install/server/upgrade.py | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 90c2be26e..c7965c7c3 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -44,7 +44,6 @@ from ipaserver.install import schemaupdate from ipaserver.install import custodiainstance from ipaserver.install import sysupgrade from ipaserver.install import dnskeysyncinstance -from ipaserver.install import krainstance from ipaserver.install import dogtaginstance from ipaserver.install import krbinstance from ipaserver.install import adtrustinstance @@ -1403,12 +1402,13 @@ def fix_trust_flags(): sysupgrade.set_upgrade_state('http', 'fix_trust_flags', True) -def export_kra_agent_pem(): +def export_ra_agent_pem(): root_logger.info('[Exporting KRA agent PEM file]') + # export_kra_agent_pem is the original name of this function sysupgrade.remove_upgrade_state('http', 'export_kra_agent_pem') - if os.path.exists(paths.KRA_AGENT_PEM): + if os.path.exists(paths.RA_AGENT_PEM): root_logger.info("KRA agent PEM file already exported") return @@ -1416,7 +1416,7 @@ def export_kra_agent_pem(): root_logger.info("KRA is not enabled") return - krainstance.export_kra_agent_pem() + dogtaginstance.export_ra_agent_pem() installutils.remove_file(paths.OLD_KRA_AGENT_PEM) @@ -1663,7 +1663,7 @@ def upgrade_configuration(): update_mod_nss_protocol(http) update_mod_nss_cipher_suite(http) fix_trust_flags() - export_kra_agent_pem() + export_ra_agent_pem() update_http_keytab(http) http.configure_gssproxy() http.start() |